He will get KTH to keep better track of the organisation's data
Carl-Niclas Odenbring is the new Information Security Specialist in the Security Department. His task is to introduce a management system with a framework, guidelines and various tools to support increased information security at KTH. The job also involves raising employees' understanding of the value of good information security.
Information security is about having control over your information.
"What information do we have and how must we protect it? And can we protect it in the way we need to? Odenbring says.
The framework and guidelines he is developing will form the basis for how KTH's employees should handle their information and will set requirements for information security in different contexts.
“Who should have access to certain information and how do we ensure that permissions are not changed unknowingly? It is also about being able to set the right system requirements so that, for example, information lost in a system crash can be made available again, Odenbring says.
He believes that these aspects need to be incorporated into many of KTH's processes. For example, in the way researchers handle their data, but also in the requirements that researchers place on KTH when it comes to storing research data.
“It must become a matter of course at KTH to include information security requirements in various procurements, as well as in the management and upgrading of IT systems.
“The demands we place on our IT systems must also be in balance with the demands we place on ourselves, and which we are able to meet, he adds.
The importance of information security
Why is all this important to KTH?
“It is not important as long as everything is going well. But as soon as something happens, for example, a loss of data, information security should have been considered in advance.
KTH is an educational institution and a public authority with transparency requirements. Does that cause any problems?
“Just because the information is open and accessible does not mean that it should not be protected. For example, the open data on which research is based must be protected in a way that ensures it remains accurate. This is very important, even if the information itself is not confidential, Odenbring points out.
A challenge for KTH
He adds that there are big challenges with information security at KTH.
“Writing policies is not the hardest part. The challenge is to create an understanding of the importance of information security among all employees. It's about increasing the maturity of individuals and achieving a cultural change. It is a huge task.
The EU has designated October as Cyber Security Month to raise the collective awareness of security issues in Europe.
“The world situation has changed significantly in recent years. A very important aspect of this is the introduction of an information security management system at KTH, Odenbring concludes.
Text: Marianne Norén